Cyber-Risk Intelligence Analyst

Employment contract: Permanent

Location: Porto, Porto District, Portugal

Job/mission: RISK

Reference: 12350694

The Information and Communications Technology Risk department is part of the
Group Risk Functions within BNP Paribas. It is a part of the 2nd line of defence
under the Bank’s Enterprise Risk Management and Chief Operational Risk Officer.
The department has responsibility for identification of key technology risks to
the Bank and influencing business and technology partners to take sound risk
management decisions. Our work involves the following initiatives, for example:

– Application & Infrastructure Risk Assessments working with the Business and
Technology teams to identify security issues in existing and new systems, and
agree corresponding actions to mitigate or accept risks

– Tracking issues and agreed actions to completion

– Horizontal and Vertical Risk Assessments

– Assessing technology risks in relation to a particular theme or technology
across the third party suppliers. Examples could be assessments of the firewall
change process, applications processing >$5m per day, applications hosted in the
cloud, etc.

– Assessing risks to a product, service, technology or infrastructure. For
instance, we may complete a vertical assessment on our remote working solution
(including infrastructure, applications, data, threats etc.) or our Internet
connectivity.

– Partnership with the Business and Technology teams in helping them understand
their technology risk profile and influencing their risk management decisions.

About the job

Integrated in the Global Iberian Centre of Excellence, and as a Cyber Risk
Intelligence Analyst, the candidate will play a critical role in safeguarding
BNP Paribas information systems by managing external attack surfaces, assessing
cyber risks for corporate clients, and delivering critical emerging risk
reports. You will leverage advanced tools such as External Attack Surface
Management (EASM) alongside open-source intelligence to ensure robust security
practices and compliance with regulatory demands in the UK and US.

The position is based in Porto reporting directly to the Global RISK ORM Iberian
Centre of Excellence and functionally to Head of Cyber Risk Intelligence,
Emerging Technology Operational Risks and Intelligence, located in London.

Your Main Activities Are

External Attack Surface Management:

  • Utilise Qualys EASM to monitor and manage external attack surfaces
    effectively.
  • Conduct thorough investigations to identify and evaluate threats,
    vulnerabilities, and remedial actions in collaboration with our Cyber
    Defence Facility (CDF) colleagues.
  • Maintain and reconcile external asset inventory, including integration
    with public cloud services, SaaS, and alternative inventory platforms.
  • Develop strategies for the continuous improvement of security posture and
    reduction of risk exposure.

Credit Cyber Risk Assessment:

  • Lead the delivery of Cyber Risk Assessments for corporate clients to
    identify potential cybersecurity vulnerabilities.
  • Foster ongoing collaboration and training with credit risk officers
    globally to enhance their understanding and management of cyber risk in
    credit operations.
  • Develop and implement risk assessment frameworks that adhere to internal
    standards and regulatory requirements.

Risk Horizon Reporting:

  • Produce and deliver the Risk Horizon report, which provides a
    comprehensive analysis of emerging technology risks that could impact
    various facets of our business.

This task involves scanning the technological landscape for emerging trends
and potential threats, including those related to cybersecurity, artificial
intelligence, quantum computing, and other innovative technologies. Maintain a
high standard of reporting, ensuring that findings and strategic
recommendations are clearly communicated, actionable, and aligned with our
global risk management framework.

Profile and Skills to Succeed

Qualifications:

  • Bachelor’s or Master’s degree in Cybersecurity, Information
    Technology, or a related field.
  • Proven experience in cybersecurity, particularly in roles focusing on
    external attack surface management, risk assessment, or intelligence
    analysis.
  • Certification in cybersecurity such as Certified Information Systems
    Security Professional (CISSP), Certified Information Security Manager
    (CISM), Certified Ethical Hacker (CEH), Certified Cloud Security
    Professional (CCSP), or Global Information Assurance Certification (GIAC).
  • Additional certifications such as ISACA Risk and Information Systems
    Control (CRISC), NIST Cybersecurity Framework (NCSF), or CompTIA Security+
    are highly desirable.

Skills:

  • Technical Proficiency: Proficient in using cybersecurity tools
    like Qualys EASM and a broad array of security platforms. Comprehensive
    understanding of security protocols, threat intelligence systems, and
    vulnerability management processes. Familiarity with frameworks such as
    NIST, ISO 27001, and others essential for effective cybersecurity management.
    Ability to identify, assess, and mitigate vulnerabilities within a variety
    of computing environments.
  • Analytical Thinking: Strong analytical skills with a keen ability
    to assess complex data, identify patterns and vulnerabilities, and devise
    effective, actionable solutions.
  • Communication Skills: Excellent communication skills, both
    written and verbal, with the ability to produce detailed, clear, and
    actionable reports. Proficiency in explaining complex security risks and
    concepts to non-technical stakeholders.
  • Problem Solving: Robust problem-solving skills with a proactive
    approach to identifying risks and implementing preventative strategies.
  • Project Management: Ability to lead projects, manage timelines
    effectively, and collaborate with teams across different geographical
    locations.
  • Adaptability and Learning: Ability to quickly adapt to new
    technologies and continuously update knowledge in a rapidly evolving
    field. Willingness to engage in ongoing professional development.

Why Join Us:

You will be joining a forward-thinking company that values innovation and a
proactive approach to cybersecurity. We offer a competitive salary,
comprehensive benefits, and opportunities for professional growth in a dynamic
and supportive environment.


Why join BNP Paribas?

· Leading banking institution

BNP Paribas is a leader in the Eurozone, and a prominent international banking
institution with strong roots in Europe’s banking history. It has a presence in
65 countries, with around 190 000 employees – including more than 145 000 in
Europe.

· Our presence in Portugal

Since 1985, BNP Paribas was one of the first foreign banks to operate in the
country. Today, the Group has around 7.100 employees across several entities
operating directly in the territory, offering a wide range of integrated
financial solutions to support its clients and their businesses.

· International reach

Thanks to its international presence and regular and close collaboration among
its different entities, BNP Paribas has the resources to support all clients
with financing, investment, savings and protection solutions that help make
their projects a success. BNP Paribas holds key positions in its three core
operating divisions:

Retail Banking, a division that brings together all of the Group’s retail
activities and specialised business lines;

Investment & Protection Services that include specialised businesses offering a
wide range of savings, investment and protection services;

Corporate & Institutional Banking division that offers tailored financial
solutions for corporate and institutional clients.

· Diversity and Inclusion commitment

BNP Paribas is an equal opportunity employer and proud to provide equal
employment opportunity to all job seekers. We are actively committed to ensuring
that no individual is discriminated against on the grounds of age, disability,
gender reassignment, marriage or civil partnership status, pregnancy and
maternity/paternity, race, religion or belief, sex or sexual orientation. Equity
and diversity are at the core of our recruitment policy because we believe that
they foster creativity and efficiency, which in turn increase performance and
productivity. We strive to reflect the society we live in, while keeping with
the image of our clients.

· Commitment towards work/life balance

At BNP Paribas we care about our employees' wellbeing and promote a culture of
good integration between work and rest. We believe our employees have rich
personal lives outside of work, and that it is fundamental to disconnect from
work to recharge both physically and mentally. Only through this balance can we
all be at our best while working.

· Remote Working Conditions

At BNP Paribas, we embrace a Smart Working framework based on trust, autonomy
and collaboration. Within this framework, eligible employees can benefit from
flexible remote working modalities adapted to our hybrid working environment. To
guarantee a comfortable and efficient working set-up, eligible employees are
provided with both the office and home equipment, are entitled to an equipment
allowance and can benefit from exclusive partnerships to purchase additional
equipment at reduced prices.

To find out more on why you should join BNP Paribas visit
https://bnpp.lk/why-BNP-Paribas-Portugal

* Please note that only applications submitted in English will be considered.

* In case you are selected for this role, further documentation will be
requested to support your hiring process.